Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe

Filtered by product Struts

Total 85 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2008-6682	1 Apache	1 Struts	2024-02-28	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
CVE-2008-6505	1 Apache	1 Struts	2024-02-28	5.0 MEDIUM	N/A
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
CVE-2005-3745	1 Apache	1 Struts	2024-02-28	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
CVE-2006-1548	1 Apache	1 Struts	2024-02-28	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
CVE-2006-1546	1 Apache	1 Struts	2024-02-28	7.5 HIGH	N/A
Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.

«
1
2
3
4
5
»